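Florian Lindner <[EMAIL PROTECTED]> writes:
> AFAIK scripts can't be setuid? Can you tell me what you mean and how to do
> it?

Actually it looks like Linux doesn't support setuid scripts. I thought the feature had been restored. There is a well-known security hole but there are workarounds for it and some of the BSD-derived Unixes implement those. And there is a special hack for Perl that uses an accessory setuid C program to run setuid Perl scripts--maybe something like it could be written for Python.

Anyway, the simple workaround is to write a simple C wrapper that invokes the Python interpreter on your script. Make sure to use a complete path to specify where your script is. From the "perlsec" documentation:

    #define REAL_PATH "/path/to/script"
    main(ac, av)
        char **av;
    {
        execv(REAL_PATH, av);
    }

Compile this wrapper into a binary executable and then make it rather than your script setuid or setgid.

http://supportweb.cs.bham.ac.uk/documentation/perl5/pod/perlsec.html

You have to be very careful writing these scripts since there are all kinds of errors you can make. Perl's "taint checking" feature helps catch a lot of those and it would be good if Python had something similar.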
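An added example, not part of the original post or of perlsec: the same wrapper idea written for a Python script, with the interpreter invoked explicitly by absolute path and the caller's environment replaced by a fixed one. The interpreter path /usr/bin/python3, the -I (isolated mode) flag, the environment values and the build_argv helper are assumptions chosen for illustration.

```c
/* Added example: setuid wrapper that runs a Python script (paths are placeholders). */
#include <stdio.h>
#include <unistd.h>

#define INTERPRETER "/usr/bin/python3"   /* assumed interpreter location */
#define REAL_PATH   "/path/to/script"    /* absolute path, as in the post */
#define MAX_ARGS    64

/* Fixed environment: nothing is inherited from the caller, so PYTHONPATH,
 * LD_PRELOAD, IFS and similar variables cannot influence the privileged run. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Fill out[] with { INTERPRETER, "-I", REAL_PATH, caller args..., NULL }.
 * Returns the number of entries before the NULL, or -1 if out[] is too small. */
int build_argv(int ac, char **av, char **out, int out_len)
{
    int extra = ac > 1 ? ac - 1 : 0;   /* caller arguments after argv[0] */
    int n = 0, i;

    if (extra + 4 > out_len)           /* 3 fixed entries + terminating NULL */
        return -1;
    out[n++] = INTERPRETER;
    out[n++] = "-I";   /* isolated mode: ignore PYTHON* variables and user site dir */
    out[n++] = REAL_PATH;
    for (i = 1; i < ac; i++)
        out[n++] = av[i];
    out[n] = NULL;
    return n;
}

int main(int ac, char **av)
{
    char *args[MAX_ARGS];

    if (build_argv(ac, av, args, MAX_ARGS) < 0) {
        fprintf(stderr, "too many arguments\n");
        return 2;
    }
    execve(INTERPRETER, args, clean_env);
    perror("execve");                  /* reached only if the exec failed */
    return 127;
}
```

The script and every directory on its path should be writable only by the account the wrapper runs as, since whoever can replace the file gains that account's privileges.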
Actually it looks like Linux doesn't support setuid scripts. I thought the feature had been restored. There is a well-known security hole but there are workarounds for it and some of the BSD-derived Unixes implement those. And there is a special hack for Perl that uses an accessory setuid C program to run setuid Perl scripts--maybe something like it could be written for Python. Anyway, the simple workaround is to write a simple C wrapper that invokes the Python interpreter on your script. Make sure to use a complete path to specify where your script is. From the "perlsec" documentation: #define REAL_PATH "/path/to/script" main(ac, av) char **av; { execv(REAL_PATH, av); } Compile this wrapper into a binary executable and then make it rather than your script setuid or setgid. http://supportweb.cs.bham.ac.uk/documentation/perl5/pod/perlsec.html You have to be very careful writing these scripts since there are all kinds of errors you can make. Perl's "taint checking" feature helps catch a lot of those and it would be good if Python had something similar. -- http://mail.python.org/mailman/listinfo/python-list